<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Zmap | 冰河技术</title>
    <meta name="generator" content="VuePress 1.9.7">
    <link rel="icon" href="/favicon.ico">
    <script charset="utf-8" async="async" src="/js/jquery.min.js"></script>
    <script charset="utf-8" async="async" src="/js/global.js"></script>
    <script charset="utf-8" async="async" src="/js/fingerprint2.min.js"></script>
    <script charset="utf-8" async="async" src="https://v1.cnzz.com/z_stat.php?id=1281063564&amp;web_id=1281063564"></script>
    <script charset="utf-8" async="async" src="https://s9.cnzz.com/z_stat.php?id=1281064551&amp;web_id=1281064551"></script>
    <script>
            var _hmt = _hmt || [];
            (function() {
              var hm = document.createElement("script");
              hm.src = "https://hm.baidu.com/hm.js?d091d2fd0231588b1d0f9231e24e3f5e";
              var s = document.getElementsByTagName("script")[0];
              s.parentNode.insertBefore(hm, s);
            })();
            </script>
    <meta name="description" content="包含：编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧...">
    <meta property="article:modified_time" content="2022-05-23T11:30:51.000Z">
    <meta property="og:title" content="Zmap">
    <meta property="og:type" content="article">
    <meta property="og:url" content="/md/hack/tools/2022-04-17-005-Zmap.html">
    <meta name="twitter:title" content="Zmap">
    <meta name="twitter:url" content="/md/hack/tools/2022-04-17-005-Zmap.html">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="robots" content="all">
    <meta name="author" content="冰河">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <meta name="keywords" content="冰河，冰河技术, 编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧">
    <meta name="apple-mobile-web-app-capable" content="yes">
    
    <link rel="preload" href="/assets/css/0.styles.ab888ebb.css" as="style"><link rel="preload" href="/assets/css/styles.css?v=1653305936337" as="style"><link rel="preload" href="/assets/js/cg-styles.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-app.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-4.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-3.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-198.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-5.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-6.js?v=1653305936337" as="script">
    <link rel="stylesheet" href="/assets/css/0.styles.ab888ebb.css"><link rel="stylesheet" href="/assets/css/styles.css?v=1653305936337">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><!----> <span class="site-name">冰河技术</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>渗透工具篇</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="sidebar-link">使用Easy-Creds工具攻击无线网络</a></li><li><a href="/md/hack/tools/2022-04-17-002-Nmap+Zenmap+Amap+Zmap.html" class="sidebar-link">Nmap+Zenmap+Amap+Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-003-Zenmap.html" class="sidebar-link">Zenmap</a></li><li><a href="/md/hack/tools/2022-04-17-004-Amap.html" class="sidebar-link">Amap</a></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html" aria-current="page" class="active sidebar-link">Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-006-Nessus的整理.html" class="sidebar-link">Nessus的整理</a></li><li><a href="/md/hack/tools/2022-04-17-007-Burpsuite上传截断及截断原理介绍.html" class="sidebar-link">Burpsuite上传截断及截断原理介绍</a></li><li><a href="/md/hack/tools/2022-04-17-008-Kali2.0Meterpreter运用.html" class="sidebar-link">Kali2.0 Meterpreter 运用</a></li><li><a href="/md/hack/tools/2022-04-17-009-lcx.exe内网转发命令教程-LCX免杀下载.html" class="sidebar-link">lcx.exe内网转发命令教程-LCX免杀下载</a></li><li><a href="/md/hack/tools/2022-04-17-010-字典生成工具Crunch的使用案例.html" class="sidebar-link">字典生成工具Crunch的使用案例</a></li><li><a href="/md/hack/tools/2022-04-17-011-WinlogonHack获取系统密码.html" class="sidebar-link">WinlogonHack获取系统密码</a></li><li><a href="/md/hack/tools/2022-04-17-012-Msfvenom生成各类Payload命令.html" class="sidebar-link">Msfvenom生成各类Payload命令</a></li><li><a href="/md/hack/tools/2022-04-17-013-PsExec下载地址及其用法.html" class="sidebar-link">PsExec下载地址及其用法</a></li><li><a href="/md/hack/tools/2022-04-17-014-Hydra安装Libssh模块.html" class="sidebar-link">Hydra安装Libssh模块</a></li><li><a href="/md/hack/tools/2022-04-17-015-利用procdump+Mimikatz绕过杀软获取Windows明文密码.html" class="sidebar-link">利用procdump+Mimikatz 绕过杀软获取Windows明文密码</a></li><li><a href="/md/hack/tools/2022-04-17-016-SQLMap的用法+谷歌黑客语法.html" class="sidebar-link">SQLMap的用法+谷歌黑客语法</a></li><li><a href="/md/hack/tools/2022-04-17-017-SQLMap用法总结.html" class="sidebar-link">SQLMap用法总结</a></li><li><a href="/md/hack/tools/2022-04-17-018-SQLMap参数说明.html" class="sidebar-link">SQLMap参数说明</a></li><li><a href="/md/hack/tools/2022-04-17-019-十大渗透测试演练系统.html" class="sidebar-link">十大渗透测试演练系统</a></li><li><a href="/md/hack/tools/2022-04-17-020-目录扫描神器DirBuster用法.html" class="sidebar-link">目录扫描神器DirBuster用法</a></li><li><a href="/md/hack/tools/2022-04-17-021-NMap在实战中的常见用法.html" class="sidebar-link">NMap在实战中的常见用法</a></li><li><a href="/md/hack/tools/2022-04-17-022-Metasploit模块的格式说明.html" class="sidebar-link">Metasploit模块的格式说明</a></li><li><a href="/md/hack/tools/2022-04-17-023-Meterpreter命令大全.html" class="sidebar-link">Meterpreter命令大全</a></li><li><a href="/md/hack/tools/2022-04-17-024-Metasploit-Meterpreter-Shell信息收集相关的命令.html" class="sidebar-link">Metasploit-Meterpreter-Shell信息收集相关的命令</a></li><li><a href="/md/hack/tools/2022-04-17-025-使用Metasploit编写绕过DEP渗透模块.html" class="sidebar-link">使用Metasploit编写绕过DEP渗透模块</a></li><li><a href="/md/hack/tools/2022-04-17-026-Metasploit渗透php-utility-belt程序.html" class="sidebar-link">Metasploit渗透php-utility-belt程序</a></li><li><a href="/md/hack/tools/2022-04-17-027-内网IPC$入侵.html" class="sidebar-link">内网IPC$入侵</a></li><li><a href="/md/hack/tools/2022-04-17-028-Metasploit渗透BSPlayerV2.68.html" class="sidebar-link">Metasploit渗透BSPlayer V2.68</a></li><li><a href="/md/hack/tools/2022-04-17-029-Metasploit攻击VSFTPD2.3.4后门漏洞并渗透内网.html" class="sidebar-link">Metasploit攻击VSFTPD2.3.4后门漏洞并渗透内网</a></li><li><a href="/md/hack/tools/2022-04-17-030-Metasploit攻击PHP-CGI查询字符串参数漏洞并渗透内网.html" class="sidebar-link">Metasploit攻击PHP-CGI查询字符串参数漏洞并渗透内网</a></li><li><a href="/md/hack/tools/2022-04-17-031-Metasploit攻击HFS2.3上的漏洞.html" class="sidebar-link">Metasploit攻击HFS2.3上的漏洞</a></li><li><a href="/md/hack/tools/2022-04-17-032-Metasploit访问控制的持久化.html" class="sidebar-link">Metasploit访问控制的持久化</a></li><li><a href="/md/hack/tools/2022-04-17-033-Metasploit清除渗透痕迹.html" class="sidebar-link">Metasploit清除渗透痕迹</a></li><li><a href="/md/hack/tools/2022-04-17-034-利用Metasploit找出SCADA服务器.html" class="sidebar-link">利用Metasploit找出SCADA服务器</a></li><li><a href="/md/hack/tools/2022-04-17-035-利用Metasploit渗透DATAC-RealWin-SCADA Server2.0.html" class="sidebar-link">利用Metasploit渗透DATAC-RealWin-SCADA Server2.0</a></li><li><a href="/md/hack/tools/2022-04-17-036-MSF-Meterpreter清理日志.html" class="sidebar-link">MSF-Meterpreter清理日志</a></li><li><a href="/md/hack/tools/2022-04-17-037-Metasploit自定义FTP扫描模块.html" class="sidebar-link">Metasploit自定义FTP扫描模块</a></li><li><a href="/md/hack/tools/2022-04-17-038-Metasploit渗透MSSQL.html" class="sidebar-link">Metasploit渗透MSSQL</a></li><li><a href="/md/hack/tools/2022-04-17-039-Metasploit渗透VOIP.html" class="sidebar-link">Metasploit渗透VOIP</a></li><li><a href="/md/hack/tools/2022-04-17-040-破解工具hydra安装与使用.html" class="sidebar-link">破解工具hydra安装与使用</a></li><li><a href="/md/hack/tools/2022-04-17-041-Metasploit自定义SSH认证暴力破解器.html" class="sidebar-link">Metasploit自定义SSH认证暴力破解器</a></li><li><a href="/md/hack/tools/2022-04-17-042-Metasploit自定义让磁盘失效的后渗透模块.html" class="sidebar-link">Metasploit自定义让磁盘失效的后渗透模块</a></li><li><a href="/md/hack/tools/2022-04-17-043-PowerShell基本命令和绕过权限执行.html" class="sidebar-link">PowerShell基本命令和绕过权限执行</a></li><li><a href="/md/hack/tools/2022-05-02-001-Metasploit自定义收集登录凭证的后渗透模块.html" class="sidebar-link">Metasploit自定义收集登录凭证的后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-002-利用Java生成穷举字典(数字+字母(大小写)+字符).html" class="sidebar-link">利用Java生成穷举字典(数字+字母(大小写)+字符)</a></li><li><a href="/md/hack/tools/2022-05-02-003-PowerShell工具之Powerup详解实录.html" class="sidebar-link">PowerShell工具之Powerup详解实录</a></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter以被控制的计算机为跳板渗透其他服务器.html" class="sidebar-link">Meterpreter以被控制的计算机为跳板渗透其他服务器</a></li><li><a href="/md/hack/tools/2022-05-02-005-Win10完美去除桌面快捷图标小箭头.html" class="sidebar-link">Win10完美去除桌面快捷图标小箭头</a></li><li><a href="/md/hack/tools/2022-05-02-006-OpenVAS8.0-Vulnerability-Scanning.html" class="sidebar-link">OpenVAS 8.0 Vulnerability Scanning</a></li><li><a href="/md/hack/tools/2022-05-02-007-kali-Metasploit连接Postgresql默认密码.html" class="sidebar-link">kali Metasploit 连接 Postgresql 默认密码</a></li><li><a href="/md/hack/tools/2022-05-02-008-使用OpenVAS进行漏洞扫描.html" class="sidebar-link">kali 使用OpenVAS进行漏洞扫描</a></li><li><a href="/md/hack/tools/2022-05-02-009-对威胁建模附加搭建CVE2014-6287漏洞环境.html" class="sidebar-link">kali 对威胁建模(附加搭建CVE:2014-6287漏洞环境)</a></li><li><a href="/md/hack/tools/2022-05-02-010-Metasploit设置永久访问权限.html" class="sidebar-link">kali Metasploit设置永久访问权限</a></li><li><a href="/md/hack/tools/2022-05-02-011-Empire反弹回Metasploit.html" class="sidebar-link">Empire 反弹回 Metasploit</a></li><li><a href="/md/hack/tools/2022-05-02-012-Metasploit制作并运行自定义Meterpreper脚本.html" class="sidebar-link">Metasploit制作并运行自定义Meterpreper脚本</a></li><li><a href="/md/hack/tools/2022-05-02-013-使用Metasploit实现对缓冲区栈的溢出攻击.html" class="sidebar-link">使用Metasploit实现对缓冲区栈的溢出攻击</a></li><li><a href="/md/hack/tools/2022-05-02-014-使用Metasploit实现基于SEH的缓冲区溢出攻击.html" class="sidebar-link">使用Metasploit实现基于SEH的缓冲区溢出攻击</a></li><li><a href="/md/hack/tools/2022-05-02-015-Metasploit基本后渗透命令.html" class="sidebar-link">Metasploit基本后渗透命令</a></li><li><a href="/md/hack/tools/2022-05-02-016-Metasploit高级后渗透模块.html" class="sidebar-link">Metasploit高级后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-017-Kali中一键更新Metasploit框架.html" class="sidebar-link">Kali中一键更新Metasploit框架</a></li><li><a href="/md/hack/tools/2022-05-02-018-Metasploit其他后渗透模块.html" class="sidebar-link">Metasploit其他后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-019-Metasploit高级扩展功能.html" class="sidebar-link">Metasploit高级扩展功能</a></li><li><a href="/md/hack/tools/2022-05-02-020-Metasploit之pushm和popm命令.html" class="sidebar-link">Metasploit之pushm和popm命令</a></li><li><a href="/md/hack/tools/2022-05-02-021-Metasploit使用reload-edit-reload_all命令加快开发过程.html" class="sidebar-link">Metasploit使用reload、edit、reload_all命令加快开发过程</a></li><li><a href="/md/hack/tools/2022-05-02-022-Metasploit资源脚本的使用方法.html" class="sidebar-link">Metasploit资源脚本的使用方法</a></li><li><a href="/md/hack/tools/2022-05-02-023-在Metasploit中使用AutoRunScript.html" class="sidebar-link">在Metasploit中使用AutoRunScript</a></li><li><a href="/md/hack/tools/2022-05-02-024-使用Metasploit获取目标的控制权限.html" class="sidebar-link">使用Metasploit获取目标的控制权限</a></li><li><a href="/md/hack/tools/2022-05-02-025-使用Metasploit中的NMap插件扫描并渗透内网主机.html" class="sidebar-link">使用Metasploit中的NMap插件扫描并渗透内网主机</a></li><li><a href="/md/hack/tools/2022-05-02-026-Kali一句话升级Metasploit的命令.html" class="sidebar-link">Kali一句话升级Metasploit的命令</a></li><li><a href="/md/hack/tools/2022-05-02-027-Win2012R2打Windows8.1-KB2919355.html" class="sidebar-link">Win2012R2打Windows8.1-KB2919355</a></li><li><a href="/md/hack/tools/2022-05-02-028-Armitage基本原理.html" class="sidebar-link">Armitage基本原理</a></li><li><a href="/md/hack/tools/2022-05-02-029-Armitage网络扫描以及主机管理.html" class="sidebar-link">Armitage网络扫描以及主机管理</a></li><li><a href="/md/hack/tools/2022-05-02-030-使用Armitage进行渗透.html" class="sidebar-link">使用Armitage进行渗透</a></li><li><a href="/md/hack/tools/2022-05-02-031-使用Armitage进行后渗透攻击.html" class="sidebar-link">使用Armitage进行后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-032-使用Armitage进行客户端攻击.html" class="sidebar-link">使用Armitage进行客户端攻击</a></li><li><a href="/md/hack/tools/2022-05-02-033-Armitage脚本编写.html" class="sidebar-link">Armitage脚本编写</a></li><li><a href="/md/hack/tools/2022-05-02-034-Armitage控制Metasploit.html" class="sidebar-link">Armitage控制Metasploit</a></li><li><a href="/md/hack/tools/2022-05-02-035-Armitage使用Cortana实现后渗透攻击.html" class="sidebar-link">Armitage使用Cortana实现后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-036-Armitage使用Cortana创建自定义菜单.html" class="sidebar-link">Armitage使用Cortana创建自定义菜单</a></li><li><a href="/md/hack/tools/2022-05-02-037-Armitage界面的使用.html" class="sidebar-link">Armitage界面的使用</a></li><li><a href="/md/hack/tools/2022-05-02-038-tcpdump用法说明.html" class="sidebar-link">tcpdump用法说明</a></li></ul></section></li></ul> </aside> <div><main class="page"> <div class="theme-default-content content__default"><h1 id="zmap"><a href="#zmap" class="header-anchor">#</a> Zmap</h1> <h2 id="初识-zmap"><a href="#初识-zmap" class="header-anchor">#</a> 初识 ZMap</h2> <p>ZMap被设计用来针对整个IPv4地址空间或其中的大部分实施综合扫描的工具。ZMap是研究者手中的利器，但在运行ZMap时，请注意，您很有 可能正在以每秒140万个包的速度扫描整个IPv4地址空间 。我们建议用户即使在实施小范围扫描之前，也联系一下本地网络的管理员并参考我们列举的最佳扫描体验。</p> <p>默认情况下，ZMap会对于指定端口实施尽可能大速率的TCP SYN扫描。较为保守的情况下，对10,000个随机的地址的80端口以10Mbps的速度扫描，如下所示：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>或者更加简洁地写成：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -B 10M -p 80 -n 10000 -o results.csv
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>ZMap也可用于扫描特定子网或CIDR地址块。例如，仅扫描10.0.0.0/8和192.168.0.0/16的80端口，运行指令如下：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>zmap -p 80 -o results.csv 10.0.0.0/8 192.168.0.0/16
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>如果扫描进行的顺利，ZMap会每秒输出类似以下内容的状态更新：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>0% (1h51m left); send: 28777 562 Kp/s (560 Kp/s avg); recv: 1192 248 p/s (231 p/s avg); hits: 0.04%
0% (1h51m left); send: 34320 554 Kp/s (559 Kp/s avg); recv: 1442 249 p/s (234 p/s avg); hits: 0.04%
0% (1h50m left); send: 39676 535 Kp/s (555 Kp/s avg); recv: 1663 220 p/s (232 p/s avg); hits: 0.04%
0% (1h50m left); send: 45372 570 Kp/s (557 Kp/s avg); recv: 1890 226 p/s (232 p/s avg); hits: 0.04%
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p>这些更新信息提供了扫描的即时状态并表示成：</p> <p>完成进度% (剩余时间); send: 发出包的数量 即时速率 (平均发送速率); recv: 接收包的数量 接收率 (平均接收率); hits: 命中率</p> <p>如果不知道所在网络能支持的扫描速率，您可能要尝试不同的扫描速率和带宽限制直到扫描效果开始下降，借此找出当前网络能够支持的最快速度。</p> <p>默认情况下，ZMap会输出不同IP地址的列表（例如，根据SYN ACK数据包的情况），像下面这样。其输出结果还有几种附加的格式（如，JSON和Redis），可以用作生成程序可解析的扫描统计。 同样，可以指定附加的输出字段并使用输出过滤来过滤输出的结果。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>115.237.116.119
23.9.117.80
207.118.204.141
217.120.143.111
50.195.22.82
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><p>我们强烈建议您使用黑名单文件，以排除预留的/未分配的IP地址空间（如，RFC1918 规定的私有地址、组播地址），以及网络中需要排除在您扫描之外的地址。默认情况下，ZMap将采用位于 /etc/zmap/blacklist.conf的这个简单的黑名单文件中所包含的预留和未分配地址。如果您需要某些特定设置，比如每次运行ZMap时的最大带宽或黑名单文件，您可以在文件/etc/zmap/zmap.conf中指定或使用自定义配置文件。</p> <p>如果您正试图解决扫描的相关问题，有几个选项可以帮助您调试。首先，您可以通过添加--dryrun实施预扫，以此来分析包可能会发送到网络的何处。此外，还可以通过设置'--verbosity=n`来更改日志详细程度。 最佳扫描体验</p> <p>我们为针对互联网进行扫描的研究者提供了一些建议，以此来引导养成良好的互联网合作氛围。</p> <ul><li>密切协同本地的网络管理员，以减少风险和调查</li> <li>确认扫描不会使本地网络或上游供应商瘫痪</li> <li>在发起扫描的源地址的网页和DNS条目中申明你的扫描是善意的</li> <li>明确解释你的扫描中所有连接的目的和范围</li> <li>提供一个简单的退出扫描的方法并及时响应请求</li> <li>实施扫描时，不使用比研究对象需求更大的扫描范围或更快的扫描频率</li> <li>如果可以，将扫描流量分布到不同的时间或源地址上</li></ul> <p>即使不声明，使用扫描的研究者也应该避免利用漏洞或访问受保护的资源，并遵守其辖区内任何特殊的法律规定。 命令行参数</p> <h2 id="通用选项"><a href="#通用选项" class="header-anchor">#</a> 通用选项</h2> <p>这些选项是实施简单扫描时最常用的选项。我们注意到某些选项取决于所使用的探测模块或输出模块（如，在实施ICMP Echo扫描时是不需要使用目的端口的）。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-p, --target-port=port
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>要扫描的目标TCP端口号（例如，443）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-o, --output-file=name
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>将结果写入该文件，使用-代表输出到标准输出。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-b, --blacklist-file=path
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>文件中被排除的子网使用CIDR表示法（如192.168.0.0/16），一个一行。建议您使用此方法排除RFC 1918地址、组播地址、IANA预留空间等IANA专用地址。在conf/blacklist.example中提供了一个以此为目的示例黑名单文件。 扫描选项</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-n, --max-targets=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>限制探测目标的数量。后面跟的可以是一个数字（例如'-n 1000），或可扫描地址空间的百分比（例如，-n 0.1％`，不包括黑名单）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-N, --max-results=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>收到多少结果后退出</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-t, --max-runtime=secs
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>限制发送报文的时间</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-r, --rate=pps
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>设置发包速率，以包/秒为单位</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-B, --bandwidth=bps
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>以比特/秒设置传输速率（支持使用后缀G，M或K（如-B 10M就是速度10 mbps）的。设置会覆盖--rate。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-c, --cooldown-time=secs
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送完成后等待多久继续接收回包（默认值= 8）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-e, --seed=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>地址排序种子。如果要用多个ZMap以相同的顺序扫描地址，那么就可以使用这个参数。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--shards=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>将扫描分片/区，使其可多个ZMap中执行（默认值= 1）。启用分片时，--seed参数是必需的。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--shard=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>选择扫描的分片（默认值= 0）。n的范围在[0，N)，其中N为碎片的总数。启用分片时，--seed参数是必需的。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-T, --sender-threads=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>用于发送数据包的线程数（默认值= 1）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-P, --probes=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送到每个IP的探测数（默认值= 1）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-d, --dryrun
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>用标准输出打印出每个包，而不是将其发送（用于调试）</p> <p>网络选项</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-s, --source-port=port|range
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送数据包的源端口</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-S, --source-ip=ip|range
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送数据包的源地址。可以仅仅是一个IP，也可以是一个范围（如，10.0.0.1-10.0.0.9）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-G, --gateway-mac=addr
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>数据包发送到的网关MAC地址（用以防止自动检测不工作的情况）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-i, --interface=name
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>使用的网络接口</p> <h2 id="探测选项"><a href="#探测选项" class="header-anchor">#</a> 探测选项</h2> <p>ZMap允许用户指定并添加自己所需要的探测模块。 探测模块的职责就是生成要发送的探测包，并处理主机回复的响应包。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-probe-modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出可用探测模块（如tcp_synscan）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-M, --probe-module=name
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>选择探测模块（默认值= tcp_synscan）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--probe-args=args
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>向模块传递参数</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-output-fields
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出可用的输出模块</p> <h2 id="输出选项"><a href="#输出选项" class="header-anchor">#</a> 输出选项</h2> <p>ZMap允许用户指定和编写他们自己的输出模块。输出模块负责处理由探测模块返回的字段，并将它们输出给用户。用户可以指定输出的字段，并过滤相应字段。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-output-modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出可用输出模块（如tcp_synscan）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-O, --output-module=name
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>选择输出模块（默认值为csv）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--output-args=args
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>传递给输出模块的参数</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-f, --output-fields=fields
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>输出的字段列表，以逗号分割</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--output-filter
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>指定输出过滤器对探测模块定义字段进行过滤 附加选项</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-C, --config=filename
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>加载配置文件，可以指定其他路径。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-q, --quiet
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>不必每秒刷新输出</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-g, --summary
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>在扫描结束后打印配置和结果汇总信息</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-v, --verbosity=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>日志详细程度（0-5，默认值= 3）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-h, --help
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>打印帮助并退出</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-V, --version
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>打印版本并退出</p> <h2 id="附加信息"><a href="#附加信息" class="header-anchor">#</a> 附加信息</h2> <p>TCP SYN 扫描</p> <p>在执行TCP SYN扫描时，ZMap需要指定一个目标端口，也支持指定发起扫描的源端口范围。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-p, --target-port=port
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>扫描的TCP端口（例如 443）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-s, --source-port=port|range
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送扫描数据包的源端口（例如 40000-50000）</p> <p>警示！ ZMap基于Linux内核使用RST包来应答SYN/ACK包响应，以关闭扫描器打开的连接。ZMap是在Ethernet层完成包的发送的，这样做是为了减少跟踪打开的TCP连接和路由寻路带来的内核开销。因此，如果您有跟踪连接建立的防火墙规则，如类似于-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT的netfilter规则，将阻止SYN/ACK包到达内核。这不会妨碍到ZMap记录应答，但它会阻止RST包被送回，最终被扫描主机的连接会一直打开，直到超时后断开。我们强烈建议您在执行ZMap时，选择一组主机上未使用且防火墙允许访问的端口，加在-s后（如 -s '50000-60000' ）。 ICMP Echo 请求扫描</p> <p>虽然在默认情况下ZMap执行的是TCP SYN扫描，但它也支持使用ICMP echo请求扫描。在这种扫描方式下ICMP echo请求包被发送到每个主机，并以收到ICMP应答包作为答复。实施ICMP扫描可以通过选择icmp_echoscan扫描模块来执行，如下：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap --probe-module=icmp_echoscan
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="udp-数据报扫描"><a href="#udp-数据报扫描" class="header-anchor">#</a> UDP 数据报扫描</h2> <p>ZMap还额外支持UDP探测，它会发出任意UDP数据报给每个主机，并接收UDP或ICMP不可达的应答。ZMap可以通过使用--probe- args命令行选项来设置四种不同的UDP载荷。这些是：可在命令行设置可打印的ASCII 码的‘text’载荷和十六进制载荷的‘hex’，外部文件中包含载荷的‘file’，和通过动态字段生成的载荷的‘template’。为了得到UDP 响应，请使用-f参数确保您指定的“data”字段处于输出范围。</p> <p>下面的例子将发送两个字节'ST'，即PCAnwywhere的'status'请求，到UDP端口5632。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -M udp -p 5632 --probe-args=text:ST -N 100 -f saddr,data -o -
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>下面的例子将发送字节“0X02”，即SQL Server的'client broadcast'请求，到UDP端口1434。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -M udp -p 1434 --probe-args=hex:02 -N 100 -f saddr,data -o -
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>下面的例子将发送一个NetBIOS状态请求到UDP端口137。使用一个ZMap自带的载荷文件。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -M udp -p 1434 --probe-args=file:netbios_137.pkt -N 100 -f saddr,data -o -
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>下面的例子将发送SIP的'OPTIONS'请求到UDP端口5060。使用附ZMap自带的模板文件。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -M udp -p 1434 --probe-args=file:sip_options.tpl -N 100 -f saddr,data -o -
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>UDP载荷模板仍处于实验阶段。当您在更多的使用一个以上的发送线程（-T）时可能会遇到崩溃和一个明显的相比静态载荷性能降低的表现。模板仅仅是 一个由一个或多个使用${}将字段说明封装成序列构成的载荷文件。某些协议，特别是SIP，需要载荷来反射包中的源和目的包。其他协议，如 portmapper和DNS，每个请求包含的字段应该是随机的，或降低被Zamp扫描的多宿主系统的风险。</p> <p>以下的载荷模板将发送SIP OPTIONS请求到每一个目的地：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>OPTIONS sip:${RAND_ALPHA=8}@${DADDR} SIP/2.0
Via: SIP/2.0/UDP ${SADDR}:${SPORT};branch=${RAND_ALPHA=6}.${RAND_DIGIT=10};rport;alias
From: sip:${RAND_ALPHA=8}@${SADDR}:${SPORT};tag=${RAND_DIGIT=8}
To: sip:${RAND_ALPHA=8}@${DADDR}
Call-ID: ${RAND_DIGIT=10}@${SADDR}
CSeq: 1 OPTIONS
Contact: sip:${RAND_ALPHA=8}@${SADDR}:${SPORT}
Content-Length: 0
Max-Forwards: 20
User-Agent: ${RAND_ALPHA=8}
Accept: text/plain
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br></div></div><p>就像在上面的例子中展示的那样，注意每行行末以\r\n结尾，请求以\r\n\r\n结尾，大多数SIP实现都可以正确处理它。一个可以工作的例子放在ZMap的examples/udp-payloads目录下 (sip_options.tpl).</p> <p>当前实现了下面的模板字段：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>SADDR: 源IP地址的点分十进制格式
SADDR_N: 源IP地址的网络字节序格式
DADDR: 目的IP地址的点分十进制格式
DADDR_N: 目的IP地址的网络字节序格式
SPORT: 源端口的ascii格式
SPORT_N: 源端口的网络字节序格式
DPORT: 目的端口的ascii格式
DPORT_N: 目的端口的网络字节序格式
RAND_BYTE: 随机字节(0-255)，长度由=(length) 参数决定
RAND_DIGIT: 随机数字0-9，长度由=(length) 参数决定
RAND_ALPHA: 随机大写字母A-Z，长度由=(length) 参数决定
RAND_ALPHANUM: 随机大写字母A-Z和随机数字0-9，长度由=(length) 参数决定
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br></div></div><p>配置文件</p> <p>ZMap支持使用配置文件来代替在命令行上指定所有要求的选项。配置中可以通过每行指定一个长名称的选项和对应的值来创建：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>interface &quot;eth1&quot;
source-ip 1.1.1.4-1.1.1.8
gateway-mac b4:23:f9:28:fa:2d # upstream gateway
cooldown-time 300 # seconds
blacklist-file /etc/zmap/blacklist.conf
output-file ~/zmap-output
quiet
summary
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><p>然后ZMap就可以按照配置文件并指定一些必要的附加参数运行了：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap --config=~/.zmap.conf --target-port=443
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>详细</p> <p>ZMap可以在屏幕上生成多种类型的输出。默认情况下，Zmap将每隔1秒打印出相似的基本进度信息。可以通过设置--quiet来禁用。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>0:01 12%; send: 10000 done (15.1 Kp/s avg); recv: 144 143 p/s (141 p/s avg); hits: 1.44%
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>ZMap同样也可以根据扫描配置打印如下消息，可以通过'--verbosity`参数加以控制。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>Aug 11 16:16:12.813 [INFO] zmap: started
Aug 11 16:16:12.817 [DEBUG] zmap: no interface provided. will use eth0
Aug 11 16:17:03.971 [DEBUG] cyclic: primitive root: 3489180582
Aug 11 16:17:03.971 [DEBUG] cyclic: starting point: 46588
Aug 11 16:17:03.975 [DEBUG] blacklist: 3717595507 addresses allowed to be scanned
Aug 11 16:17:03.975 [DEBUG] send: will send from 1 address on 28233 source ports
Aug 11 16:17:03.975 [DEBUG] send: using bandwidth 10000000 bits/s, rate set to 14880 pkt/s
Aug 11 16:17:03.985 [DEBUG] recv: thread started
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><p>ZMap还支持在扫描之后打印出一个的可grep的汇总信息，类似于下面这样，可以通过调用--summary来实现。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>cnf target-port 443
cnf source-port-range-begin 32768
cnf source-port-range-end 61000
cnf source-addr-range-begin 1.1.1.4
cnf source-addr-range-end 1.1.1.8
cnf maximum-packets 4294967295
cnf maximum-runtime 0
cnf permutation-seed 0
cnf cooldown-period 300
cnf send-interface eth1
cnf rate 45000
env nprocessors 16
exc send-start-time Fri Jan 18 01:47:35 2013
exc send-end-time Sat Jan 19 00:47:07 2013
exc recv-start-time Fri Jan 18 01:47:35 2013
exc recv-end-time Sat Jan 19 00:52:07 2013
exc sent 3722335150
exc blacklisted 572632145
exc first-scanned 1318129262
exc hit-rate 0.874102
exc synack-received-unique 32537000
exc synack-received-total 36689941
exc synack-cooldown-received-unique 193
exc synack-cooldown-received-total 1543
exc rst-received-unique 141901021
exc rst-received-total 166779002
adv source-port-secret 37952
adv permutation-gen 4215763218
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br></div></div><h2 id="结果输出"><a href="#结果输出" class="header-anchor">#</a> 结果输出</h2> <p>ZMap可以通过输出模块生成不同格式的结果。默认情况下，ZMap只支持csv的输出，但是可以通过编译支持redis和json 。可以使用输出过滤来过滤这些发送到输出模块上的结果。输出模块输出的字段由用户指定。默认情况如果没有指定输出文件，ZMap将以csv格式返回结果，而不会生成特定结果。也可以编写自己的输出模块;请参阅编写输出模块。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-o, --output-file=p
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>输出写入文件地址</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-O, --output-module=p
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>调用自定义输出模块</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-f, --output-fields=p
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>以逗号分隔的输出的字段列表</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--output-filter=filter
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>对给定的探测指定字段输出过滤</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-output-modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出可用输出模块</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-output-fields
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出给定的探测的可用输出字段</p> <h2 id="输出字段"><a href="#输出字段" class="header-anchor">#</a> 输出字段</h2> <p>除了IP地址之外，ZMap有很多字段。这些字段可以通过在给定探测模块上运行--list-output-fields来查看。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap --probe-module=&quot;tcp_synscan&quot; --list-output-fields
saddr string: 应答包中的源IP地址
saddr-raw int: 网络字节格式的源IP地址
daddr string: 应答包中的目的IP地址
daddr-raw int: 网络字节格式的目的IP地址
ipid int: 应答包中的IP识别号
ttl int: 应答包中的ttl（存活时间）值
sport int: TCP 源端口
dport int: TCP 目的端口
seqnum int: TCP 序列号
acknum int: TCP Ack号
window int: TCP 窗口
classification string: 包类型
success int: 是应答包成功
repeat int: 是否是来自主机的重复响应
cooldown int: 是否是在冷却时间内收到的响应
timestamp-str string: 响应抵达时的时间戳使用ISO8601格式
timestamp-ts int: 响应抵达时的时间戳使用UNIX纪元开始的秒数
timestamp-us int: 时间戳的微秒部分(例如 从'timestamp-ts'的几微秒)
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br></div></div><p>可以通过使用--output-fields=fields或-f来选择选择输出字段，任意组合的输出字段可以被指定为逗号分隔的列表。例如：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -p 80 -f &quot;response,saddr,daddr,sport,seq,ack,in_cooldown,is_repeat,timestamp&quot; -o output.csv
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="过滤输出"><a href="#过滤输出" class="header-anchor">#</a> 过滤输出</h2> <p>在传到输出模块之前，探测模块生成的结果可以先过滤。过滤是针对探测模块的输出字段的。过滤使用类似于SQL的简单过滤语法写成，通过ZMap的--output-filter选项来指定。输出过滤通常用于过滤掉重复的结果，或仅传输成功的响应到输出模块。</p> <p>过滤表达式的形式为&lt;字段名&gt; &lt;操作符&gt; &lt;值&gt;。&lt;值&gt;的类型必须是一个字符串或一串无符号整数并且匹配&lt;字段名&gt;类型。对于整数比较有效的操作符是= !=, &lt;, &gt;, &lt;=, &gt;=。字符串比较的操作是=，!=。--list-output-fields可以打印那些可供探测模块选择的字段和类型，然后退出。</p> <p>复合型的过滤操作，可以通过使用&amp;&amp;（逻辑与）和||（逻辑或）这样的运算符来组合出特殊的过滤操作。</p> <p>示例</p> <p>书写一则过滤仅显示成功的、不重复的应答</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--output-filter=&quot;success = 1 &amp;&amp; repeat = 0&quot;
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>过滤出RST分类并且TTL大于10的包，或者SYNACK分类的包</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--output-filter=&quot;(classification = rst &amp;&amp; ttl &gt; 10) || classification = synack&quot;
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>CSV</p> <p>csv模块将会生成以逗号分隔各个要求输出的字段的文件。例如，以下的指令将生成名为output.csv的CSV文件。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -p 80 -f &quot;response,saddr,daddr,sport,seq,ack,in_cooldown,is_repeat,timestamp&quot; -o output.csv

#响应, 源地址, 目的地址, 源端口, 目的端口, 序列号, 应答, 是否是冷却模式, 是否重复, 时间戳
response, saddr, daddr, sport, dport, seq, ack, in_cooldown, is_repeat, timestamp
synack, 159.174.153.144, 10.0.0.9, 80, 40555, 3050964427, 3515084203, 0, 0,2013-08-15 18:55:47.681
rst, 141.209.175.1, 10.0.0.9, 80, 40136, 0, 3272553764, 0, 0,2013-08-15 18:55:47.683
rst, 72.36.213.231, 10.0.0.9, 80, 56642, 0, 2037447916, 0, 0,2013-08-15 18:55:47.691
rst, 148.8.49.150, 10.0.0.9, 80, 41672, 0, 1135824975, 0, 0,2013-08-15 18:55:47.692
rst, 50.165.166.206, 10.0.0.9, 80, 38858, 0, 535206863, 0, 0,2013-08-15 18:55:47.694
rst, 65.55.203.135, 10.0.0.9, 80, 50008, 0, 4071709905, 0, 0,2013-08-15 18:55:47.700
synack, 50.57.166.186, 10.0.0.9, 80, 60650, 2813653162, 993314545, 0, 0,2013-08-15 18:55:47.704
synack, 152.75.208.114, 10.0.0.9, 80, 52498, 460383682, 4040786862, 0, 0,2013-08-15 18:55:47.707
synack, 23.72.138.74, 10.0.0.9, 80, 33480, 810393698, 486476355, 0, 0,2013-08-15 18:55:47.710
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br></div></div><h2 id="redis"><a href="#redis" class="header-anchor">#</a> Redis</h2> <p>Redis的输出模块允许地址被添加到一个Redis的队列，而不是保存到文件，允许ZMap将它与之后的处理工具结合使用。</p> <p>注意! ZMap默认不会编译Redis功能。如果你从源码构建ZMap，可以在CMake的时候加上-DWITH_REDIS=ON来增加Redis支持。</p> <h2 id="json"><a href="#json" class="header-anchor">#</a> JSON</h2> <p>JSON输出模块用起来类似于CSV模块，只是以JSON格式写入到文件。JSON文件能轻松地导入到其它可以读取JSON的程序中。</p> <p>注意！，ZMap默认不会编译JSON功能。如果你从源码构建ZMap，可以在CMake的时候加上-DWITH_JSON=ON来增加JSON支持。</p> <h2 id="黑名单和白名单"><a href="#黑名单和白名单" class="header-anchor">#</a> 黑名单和白名单</h2> <p>ZMap同时支持对网络前缀做黑名单和白名单。如果ZMap不加黑名单和白名单参数，他将会扫描所有的IPv4地址（包括本地的，保留的以及组播地 址）。如果指定了黑名单文件，那么在黑名单中的网络前缀将不再扫描；如果指定了白名单文件，只有那些网络前缀在白名单内的才会扫描。白名单和黑名单文件可 以协同使用；黑名单优先于白名单（例如：如果您在白名单中指定了10.0.0.0/8并在黑名单中指定了10.1.0.0/16，那么10.1.0.0 /16将不会扫描）。白名单和黑名单文件可以在命令行中指定，如下所示：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-b, --blacklist-file=path
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>文件用于记录黑名单子网，以CIDR（无类域间路由）的表示法，例如192.168.0.0/16</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-w, --whitelist-file=path
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>文件用于记录限制扫描的子网，以CIDR的表示法，例如192.168.0.0/16</p> <p>黑名单文件的每行都需要以CIDR的表示格式书写，一行单一的网络前缀。允许使用#加以备注。例如：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code># IANA（英特网编号管理局）记录的用于特殊目的的IPv4地址
# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# 更新于2013-05-22
0.0.0.0/8 # RFC1122: 网络中的所有主机
10.0.0.0/8 # RFC1918: 私有地址
100.64.0.0/10 # RFC6598: 共享地址空间
127.0.0.0/8 # RFC1122: 回环地址
169.254.0.0/16 # RFC3927: 本地链路地址
172.16.0.0/12 # RFC1918: 私有地址
192.0.0.0/24 # RFC6890: IETF协议预留
192.0.2.0/24 # RFC5737: 测试地址1
192.88.99.0/24 # RFC3068: IPv6转换到IPv4的任播
192.168.0.0/16 # RFC1918: 私有地址
192.18.0.0/15 # RFC2544: 检测地址
198.51.100.0/24 # RFC5737: 测试地址2
203.0.113.0/24 # RFC5737: 测试地址3
240.0.0.0/4 # RFC1112: 预留地址
255.255.255.255/32 # RFC0919: 限制广播地址
# IANA记录的用于组播的地址空间
# http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
# 更新于2013-06-25
224.0.0.0/4 # RFC5771: 组播/预留地址ed
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br></div></div><p>如果您只是想扫描因特网中随机的一部分地址，使用抽样检出，来代替使用白名单和黑名单。</p> <p>注意！ZMap默认设置使用/etc/zmap/blacklist.conf作为黑名单文件，其中包含有本地的地址空间和预留的IP空间。通过编辑/etc/zmap/zmap.conf可以改变默认的配置。</p> <h2 id="速度限制与抽样"><a href="#速度限制与抽样" class="header-anchor">#</a> 速度限制与抽样</h2> <p>默认情况下，ZMap将以您当前网卡所能支持的最快速度扫描。以我们对于常用硬件的经验，这通常是理论上Gbit以太网速度的95-98%，这可能 比您的上游提供商可处理的速度还要快。ZMap是不会自动的根据您的上游提供商来调整发送速率的。您可能需要手动的调整发送速率来减少丢包和错误结果。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-r, --rate=pps
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>设置最大发送速率以包/秒为单位</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-B, --bandwidth=bps
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>设置发送速率以比特/秒(支持G,M和K后缀)。这会覆盖--rate参数。</p> <p>ZMap同样支持对IPv4地址空间进行指定最大目标数和/或最长运行时间的随机采样。由于每次对主机的扫描是通过随机排序生成的，限制扫描的主机个数为N就会随机抽选N个主机。命令选项如下：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-n, --max-targets=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>探测目标上限数量</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-N, --max-results=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>结果上限数量（累积收到这么多结果后退出）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-t, --max-runtime=s
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>发送数据包时间长度上限（以秒为单位）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-s, --seed=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>种子用以选择地址的排列方式。使用不同ZMap执行扫描操作时将种子设成相同的值可以保证相同的扫描顺序。</p> <p>举个例子，如果您想要多次扫描同样的一百万个互联网主机，可以设定排序种子和扫描主机的上限数量，大致如下所示：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>zmap -p 443 -s 3 -n 1000000 -o results
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>为了确定哪一百万主机将要被扫描，您可以执行预扫，只打印数据包而非发送，并非真的实施扫描。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>zmap -p 443 -s 3 -n 1000000 --dryrun | grep daddr
| awk -F'daddr: ' '{print $2}' | sed 's/ |.*//;'
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h2 id="发送多个数据包"><a href="#发送多个数据包" class="header-anchor">#</a> 发送多个数据包</h2> <p>ZMap支持向每个主机发送多个探测。增加这个数量既增加了扫描时间又增加了到达的主机数量。然而，我们发现，增加的扫描时间（每个额外扫描的增加近100％）远远大于到达的主机数量（每个额外扫描的增加近1％）。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>-P, --probes=n
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>向每个IP发出的独立探测个数（默认值=1）</p> <h2 id="示例应用"><a href="#示例应用" class="header-anchor">#</a> 示例应用</h2> <p>ZMap专为向大量主机发起连接并寻找那些正确响应而设计。然而，我们意识到许多用户需要执行一些后续处理，如执行应用程序级别的握手。例如，用户在80端口实施TCP SYN扫描也许想要实施一个简单的GET请求，还有用户扫描443端口可能希望完成TLS握手。</p> <p><strong>Banner获取</strong></p> <p>我收录了一个示例程序，banner-grab，伴随ZMap使用可以让用户从监听状态的TCP服务器上接收到消息。Banner-grab连接 到提供的服务器上，发送一个可选的消息，然后打印出收到的第一个消息。这个工具可以用来获取banner，例如HTTP服务的回复的具体指 令，telnet登陆提示，或SSH服务的字符串。</p> <p>下面的例子寻找了1000个监听80端口的服务器，并向每个发送一个简单的GET请求，存储他们的64位编码响应至http-banners.out</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -p 80 -N 1000 -B 10M -o - | ./banner-grab-tcp -p 80 -c 500 -d ./http-req &gt; out
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>如果想知道更多使用banner-grab的细节,可以参考examples/banner-grab中的README文件。</p> <p>注意！ ZMap和banner-grab（如例子中）同时运行可能会比较显著的影响对方的表现和精度。确保不让ZMap占满banner-grab-tcp的并 发连接，不然banner-grab将会落后于标准输入的读入，导致阻塞ZMap的输出写入。我们推荐使用较慢扫描速率的ZMap，同时提升 banner-grab-tcp的并发性至3000以内（注意 并发连接&gt;1000需要您使用ulimit -SHn 100000和ulimit -HHn 100000来增加每个进程的最大文件描述符数量）。当然，这些参数取决于您服务器的性能、连接成功率（hit-rate）；我们鼓励开发者在运行大型扫描之前先进行小样本的试验。 建立套接字</p> <p>我们也收录了另一种形式的banner-grab，就是forge-socket， 重复利用服务器发出的SYN-ACK，连接并最终取得banner。在banner-grab-tcp中，ZMap向每个服务器发送一个SYN，并监听服务器发回的带有SYN+ACK的应答。运行ZMap主机的内核接受应答后发送RST，这样就没有与该包关联活动连接。程序banner-grab必须在这之后创建一个新的TCP连接到从服务器获取数据。</p> <p>在forge-socket中，我们利用内核中同名的模块，使我们可以创建任意参数的TCP连接。可以通过抑制内核的RST包，并重用SYN+ACK的参数取代该包而创建套接字，通过这个套接字收发数据和我们平时使用的连接套接字并没有什么不同。</p> <p>要使用forge-socket，您需要forge-socket内核模块，从github上可以获得。您需要git clone <a href="mailto:git@github.com">git@github.com</a>:ewust/forge_socket.git至ZMap源码根目录，然后cd进入forge_socket目录，运行make。以root身份运行insmod forge_socket.ko 来安装该内核模块。</p> <p>您也需要告知内核不要发送RST包。一个简单的在全系统禁用RST包的方法是使用iptables。以root身份运行iptables -A OUTPUT -p tcp -m tcp --tcp-flgas RST,RST RST,RST -j DROP即可，当然您也可以加上一项--dport X将禁用局限于所扫描的端口（X）上。扫描完成后移除这项设置，以root身份运行iptables -D OUTPUT -p tcp -m tcp --tcp-flags RST,RST RST,RST -j DROP即可。</p> <p>现在应该可以建立forge-socket的ZMap示例程序了。运行需要使用extended_fileZMap输出模块：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>$ zmap -p 80 -N 1000 -B 10M -O extended_file -o - | \
./forge-socket -c 500 -d ./http-req &gt; ./http-banners.out
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>详细内容可以参考examples/forge-socket目录下的README。</p> <h2 id="编写探测和输出模块"><a href="#编写探测和输出模块" class="header-anchor">#</a> 编写探测和输出模块</h2> <p>ZMap可以通过探测模块来扩展支持不同类型的扫描，通过输出模块增加不同类型的输出结果。注册过的探测和输出模块可以在命令行中列出：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-probe-modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出安装过的探测模块</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>--list-output-modules
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>列出安装过的输出模块</p> <h3 id="输出模块"><a href="#输出模块" class="header-anchor">#</a> 输出模块</h3> <p>ZMap的输出和输出后处理可以通过实现和注册扫描器的输出模块来扩展。输出模块在接收每一个应答包时都会收到一个回调。然而默认提供的模块仅提供简单的输出，这些模块同样支持更多的输出后处理（例如：重复跟踪或输出AS号码来代替IP地址）。</p> <p>通过定义一个新的output_module结构来创建输出模块，并在output_modules.c中注册：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>typedef struct output_module {
const char *name; // 在命令行如何引用输出模块
unsigned update_interval; // 以秒为单位的更新间隔
output_init_cb init; // 在扫描器初始化的时候调用
output_update_cb start; // 在扫描器开始的时候调用
output_update_cb update; // 每次更新间隔调用，秒为单位
output_update_cb close; // 扫描终止后调用
output_packet_cb process_ip; // 接收到应答时调用
const char *helptext; // 会在--list-output-modules时打印在屏幕上
} output_module_t;
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><p>输出模块必须有名称，通过名称可以在命令行调用，并且通常会实现success_ip和常见的other_ip回调。process_ip的回调由每个收到并经由probe module过滤的应答包调用。应答是否被认定为成功并不确定（比如，它可以是一个TCP的RST）。这些回调必须定义匹配output_packet_cb定义的函数:</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>int (*output_packet_cb) (
ipaddr_n_t saddr, // 网络字节格式的发起扫描主机IP地址
ipaddr_n_t daddr, // 网络字节格式的目的IP地址
const char* response_type, // 发送模块的数据包分类
int is_repeat, // {0: 主机的第一个应答, 1: 后续的应答}
int in_cooldown, // {0: 非冷却状态, 1: 扫描器处于冷却中}
const u_char* packet, // 指向IP包的iphdr结构体的指针
size_t packet_len // 包的长度，以字节为单位
);
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div><p>输出模块还可以通过注册回调，执行在扫描初始化的时候（诸如打开输出文件的任务）、在扫描开始阶段（诸如记录黑名单的任务）、在扫描的常规间隔（诸如状态更新的任务）、在关闭的时候（诸如关掉所有打开的文件描述符）。提供的这些回调可以完整的访问扫描配置和当前状态：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>int (*output_update_cb)(struct state_conf*, struct state_send*, struct state_recv*);
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>这些定义在output_modules.h中。在src/outputmodules/modulecsv.c中有可用示例。</p> <h3 id="探测模块"><a href="#探测模块" class="header-anchor">#</a> 探测模块</h3> <p>数据包由探测模块构造，它可以创建各种包和不同类型的响应。ZMap默认拥有两个扫描模块：tcp_synscan和icmp_echoscan。默认情况下，ZMap使用tcp_synscan来发送TCP SYN包并对每个主机的响应分类，如打开时（收到SYN+ACK）或关闭时（收到RST）。ZMap允许开发者编写自己的ZMap探测模块，使用如下的API：</p> <p>任何类型的扫描都必须通过开发和注册send_module_t结构中的回调来实现：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>typedef struct probe_module {
const char *name; // 如何在命令行调用扫描
size_t packet_length; // 探测包有多长(必须是静态的)
const char *pcap_filter; // 对收到的响应实施PCAP过滤
size_t pcap_snaplen; // libpcap 捕获的最大字节数
uint8_t port_args; // 设为1，如果ZMap需要用户指定--target-port
probe_global_init_cb global_initialize; // 在扫描初始化会时被调用一次
probe_thread_init_cb thread_initialize; // 每个包缓存区的线程中被调用一次
probe_make_packet_cb make_packet; // 每个主机更新包的时候被调用一次
probe_validate_packet_cb validate_packet; // 每收到一个包被调用一次，
// 如果包无效返回0，
// 非零则有效。
probe_print_packet_cb print_packet; // 如果在预扫模式下被每个包都调用
probe_classify_packet_cb process_packet; // 由区分响应的接收器调用
probe_close_cb close; // 扫描终止后被调用
fielddef_t *fields // 该模块指定的字段的定义
int numfields // 字段的数量
} probe_module_t;
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br></div></div><p>在扫描操作初始化时会调用一次global_initialize，可以用来实施一些必要的全局配置和初始化操作。然而，global_initialize并不能访问包缓冲区，那里是线程特定的。代替的，thread_initialize在 每个发送线程初始化的时候被调用，提供对于缓冲区的访问，可以用来构建探测包和全局的源和目的值。此回调应用于构建主机不可知的包结构，甚至只有特定值 （如：目的主机和校验和），需要随着每个主机更新。例如，以太网头部信息在交换时不会变更（减去校验和是由NIC硬件计算的）因此可以事先定义以减少扫描 时间开销。</p> <p>调用回调参数make_packet是为了让被扫描的主机允许探测模块更 新主机指定的值，同时提供IP地址、一个非透明的验证字符串和探测数目（如下所示）。探测模块负责在探测中放置尽可能多的验证字符串，即便当服务器返回的 应答为空时，探测模块也能验证它的当前状态。例如，针对TCP SYN扫描，tcp_synscan探测模块会使用TCP源端口和序列号的格式存储验证字符串。响应包（SYN+ACK）将包含目的端口和确认号的预期 值。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>int make_packet(
void *packetbuf, // 包的缓冲区
ipaddr_n_t src_ip, // 网络字节格式源IP
ipaddr_n_t dst_ip, // 网络字节格式目的IP
uint32_t *validation, // 探测中的有效字符串
int probe_num // 如果向每个主机发送多重探测，
// 该值为我们对于该主机
// 正在发送的探测数目
);
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div><p>扫描模块也应该定义pcap_filter、validate_packet和process_packet。只有符合PCAP过滤器的包才会被扫描。举个例子，在一个TCP SYN扫描的情况下，我们只想要调查TCP SYN / ACK或RST TCP数据包，并利用类似tcp &amp;&amp; tcp[13] &amp; 4 != 0 || tcp[13] == 18的过滤方法。validate_packet函数将会被每个满足PCAP过滤条件的包调用。如果验证返回的值非零，将会调用process_packet函数，并使用fields定义的字段和包中的数据填充字段集。举个例子，如下代码为TCP synscan探测模块处理了一个数据包。</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>void synscan_process_packet(const u_char *packet, uint32_t len, fieldset_t *fs){
    struct iphdr *ip_hdr = (struct iphdr *)&amp;packet[sizeof(struct ethhdr)];
    struct tcphdr *tcp = (struct tcphdr*)((char *)ip_hdr + (sizeof(struct iphdr)));
    fs_add_uint64(fs, &quot;sport&quot;, (uint64_t) ntohs(tcp-&gt;source));
    fs_add_uint64(fs, &quot;dport&quot;, (uint64_t) ntohs(tcp-&gt;dest));
    fs_add_uint64(fs, &quot;seqnum&quot;, (uint64_t) ntohl(tcp-&gt;seq));
    fs_add_uint64(fs, &quot;acknum&quot;, (uint64_t) ntohl(tcp-&gt;ack_seq));
    fs_add_uint64(fs, &quot;window&quot;, (uint64_t) ntohs(tcp-&gt;window));
    if (tcp-&gt;rst) { // RST packet
        fs_add_string(fs, &quot;classification&quot;, (char*) &quot;rst&quot;, 0);
        fs_add_uint64(fs, &quot;success&quot;, 0);
    } else { // SYNACK packet
        fs_add_string(fs, &quot;classification&quot;, (char*) &quot;synack&quot;, 0);
        fs_add_uint64(fs, &quot;success&quot;, 1);
    }
}
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br></div></div><h2 id="写在最后"><a href="#写在最后" class="header-anchor">#</a> 写在最后</h2> <blockquote><p>如果你觉得冰河写的还不错，请微信搜索并关注「 <strong>冰河技术</strong> 」微信公众号，跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术，「 <strong>冰河技术</strong> 」微信公众号更新了大量技术专题，每一篇技术文章干货满满！不少读者已经通过阅读「 <strong>冰河技术</strong> 」微信公众号文章，吊打面试官，成功跳槽到大厂；也有不少读者实现了技术上的飞跃，成为公司的技术骨干！如果你也想像他们一样提升自己的能力，实现技术能力的飞跃，进大厂，升职加薪，那就关注「 <strong>冰河技术</strong> 」微信公众号吧，每天更新超硬核技术干货，让你对如何提升技术能力不再迷茫！</p></blockquote> <p><img alt="" data-src="https://img-blog.csdnimg.cn/20200906013715889.png" loading="lazy" class="lazy"></p></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/binghe001/BingheGuide/edit/master/docs/md/hack/tools/2022-04-17-005-Zmap.md" target="_blank" rel="noopener noreferrer">在 GitHub 上编辑此页</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">上次更新: </span> <span class="time">2022/5/23</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev">
        ←
        <a href="/md/hack/tools/2022-04-17-004-Amap.html" class="prev">
          Amap
        </a></span> <span class="next"><a href="/md/hack/tools/2022-04-17-006-Nessus的整理.html">
          Nessus的整理
        </a>
        →
      </span></p></div> </main></div> <aside class="page-sidebar"> <div class="page-side-toolbar"><div class="option-box-toc-fixed"><div class="toc-container-sidebar"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:650px"><div style="font-weight:bold;text-align:center;">Zmap</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#初识-zmap" class="toc-sidebar-link">初识 ZMap</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#通用选项" class="toc-sidebar-link">通用选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#探测选项" class="toc-sidebar-link">探测选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出选项" class="toc-sidebar-link">输出选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#附加信息" class="toc-sidebar-link">附加信息</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#udp-数据报扫描" class="toc-sidebar-link">UDP 数据报扫描</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#结果输出" class="toc-sidebar-link">结果输出</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出字段" class="toc-sidebar-link">输出字段</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#过滤输出" class="toc-sidebar-link">过滤输出</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#redis" class="toc-sidebar-link">Redis</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#json" class="toc-sidebar-link">JSON</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#黑名单和白名单" class="toc-sidebar-link">黑名单和白名单</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#速度限制与抽样" class="toc-sidebar-link">速度限制与抽样</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#发送多个数据包" class="toc-sidebar-link">发送多个数据包</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#示例应用" class="toc-sidebar-link">示例应用</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#编写探测和输出模块" class="toc-sidebar-link">编写探测和输出模块</a><ul class="toc-sidebar-sub-headers"><li class="toc-sidebar-sub-header"><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出模块" class="toc-sidebar-link">输出模块</a></li><li class="toc-sidebar-sub-header"><a href="/md/hack/tools/2022-04-17-005-Zmap.html#探测模块" class="toc-sidebar-link">探测模块</a></li></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#写在最后" class="toc-sidebar-link">写在最后</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box-toc-over"><img src="/images/system/toc.png" class="nozoom"> <span class="show-txt">目录</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:550px"><div style="font-weight:bold;text-align:center;">Zmap</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#初识-zmap" class="toc-sidebar-link">初识 ZMap</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#通用选项" class="toc-sidebar-link">通用选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#探测选项" class="toc-sidebar-link">探测选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出选项" class="toc-sidebar-link">输出选项</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#附加信息" class="toc-sidebar-link">附加信息</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#udp-数据报扫描" class="toc-sidebar-link">UDP 数据报扫描</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#结果输出" class="toc-sidebar-link">结果输出</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出字段" class="toc-sidebar-link">输出字段</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#过滤输出" class="toc-sidebar-link">过滤输出</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#redis" class="toc-sidebar-link">Redis</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#json" class="toc-sidebar-link">JSON</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#黑名单和白名单" class="toc-sidebar-link">黑名单和白名单</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#速度限制与抽样" class="toc-sidebar-link">速度限制与抽样</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#发送多个数据包" class="toc-sidebar-link">发送多个数据包</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#示例应用" class="toc-sidebar-link">示例应用</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#编写探测和输出模块" class="toc-sidebar-link">编写探测和输出模块</a><ul class="toc-sidebar-sub-headers"><li class="toc-sidebar-sub-header"><a href="/md/hack/tools/2022-04-17-005-Zmap.html#输出模块" class="toc-sidebar-link">输出模块</a></li><li class="toc-sidebar-sub-header"><a href="/md/hack/tools/2022-04-17-005-Zmap.html#探测模块" class="toc-sidebar-link">探测模块</a></li></ul></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html#写在最后" class="toc-sidebar-link">写在最后</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box"><img src="/images/system/wechat.png" class="nozoom"> <span class="show-txt">手机看</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.9rem">微信扫一扫</span> <img height="180px" src="https://api.qrserver.com/v1/create-qr-code/?data=https://binghe001.github.io/md/hack/tools/2022-04-17-005-Zmap.html" style="margin:10px;">
                可以<b>手机看</b>或分享至<b>朋友圈</b></div></div></div></div> <div class="option-box"><img src="/images/system/toggle.png" width="30px" class="nozoom"> <span class="show-txt">左栏</span></div> <div class="option-box"><img src="/images/system/xingqiu.png" width="25px" class="nozoom"> <span class="show-txt">星球</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">实战项目<span style="font-size:8px;color:red;">「SpringCloud Alibaba实战项目」</span>、专属电子书、问题解答、简历指导、技术分享、晋升指导、视频课程</span> <img height="180px" src="/images/personal/xingqiu.png" style="margin:10px;"> <b>知识星球</b>：冰河技术
            </div></div></div></div> <div class="option-box"><img src="/images/system/wexin4.png" width="25px" class="nozoom"> <span class="show-txt">读者群</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">添加冰河微信<span style="color:red;">(hacker_binghe)</span>进冰河技术学习交流圈「无任何套路」</span> <img src="/images/personal/hacker_binghe.jpg" height="180px" style="margin:10px;">
                PS：添加时请备注<b>读者加群</b>，谢谢！
              </div></div></div></div> <div class="option-box"><img src="/images/system/download-2.png" width="25px" class="nozoom"> <span class="show-txt">下资料</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">扫描公众号，回复<span style="color:red;">“1024”</span>下载<span style="color:red;">100GB+</span>学习技术资料、PDF书籍、实战项目、简历模板等「无任何套路」</span> <img src="/images/personal/qrcode.png" height="180px" style="margin:10px;"> <b>公众号:</b> 冰河技术
              </div></div></div></div> <div class="option-box"><img src="/images/system/heart-1.png" width="25px" class="nozoom"> <span class="show-txt">赞赏我</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">鼓励/支持/赞赏我</span> <img height="180px" src="/images/personal/encourage-head.png" style="margin:5px;"> <br>1. 不靠它生存但仍希望得到你的鼓励；
                <br>2. 时刻警醒自己保持技术人的初心；
              </div></div></div></div> <div title="Amap" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-04-17-004-Amap.html"><img src="/images/system/pre2.png" width="30px" class="nozoom"> <span class="show-txt">上一篇</span></a></div> <div title="Nessus的整理" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-04-17-006-Nessus的整理.html"><img src="/images/system/next2.png" width="30px" class="nozoom"> <span class="show-txt">下一篇</span></a></div></div>  <!----> </aside></div><div class="global-ui"><div class="read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="read-more-btn" target="_self" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">阅读全文</a> <div id="btw-modal-wrap" style="display: none;"><div id="btw-mask" style="position: fixed; top: 0px; right: 0px; bottom: 0px; left: 0px; opacity: 0.7; z-index: 999; background: rgb(0, 0, 0);"></div> <div id="btw-modal" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); width: 300px; text-align: center; font-size: 13px; background: rgb(255, 255, 255); border-radius: 10px; z-index: 9999; font-family: PingFangSC-Regular, sans-serif;"><span id="btw-modal-close-btn" style="position: absolute; top: 5px; right: 15px; line-height: 34px; font-size: 34px; cursor: pointer; opacity: 0.2; z-index: 9999; color: rgb(0, 0, 0); background: none; border: none; outline: none;">×</span> <p id="btw-modal-header" style="margin-top: 40px; line-height: 1.8; font-size: 13px;">
                扫码或搜索：<span style="color: #E9405A; font-weight: bold;">冰河技术</span> <br>发送：<span id="fustack-token" class="token" style="color: #e9415a; font-weight: bold; font-size: 17px; margin-bottom: 45px;">290992</span> <br>即可<span style="color: #e9415a; font-weight: bold;">立即永久</span>解锁本站全部文章</p> <img src="/images/personal/qrcode.png" style="width: 180px; margin-top: 10px; margin-bottom: 30px; border: 8px solid rgb(230, 230, 230);"></div></div></div><div class="pay-read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="pay-read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="pay-read-more-btn" target="_blank" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">付费阅读</a></div></div></div>
    <script src="/assets/js/cg-styles.js?v=1653305936337" defer></script><script src="/assets/js/cg-4.js?v=1653305936337" defer></script><script src="/assets/js/cg-3.js?v=1653305936337" defer></script><script src="/assets/js/cg-198.js?v=1653305936337" defer></script><script src="/assets/js/cg-5.js?v=1653305936337" defer></script><script src="/assets/js/cg-6.js?v=1653305936337" defer></script><script src="/assets/js/cg-app.js?v=1653305936337" defer></script>
  </body>
</html>
